The NotPetya ransomware, a new variant of Petya, is widely considered one of the nastiest pieces of malware ever to emerge after it surfaced in June 2017. This malware differs from others especially in its mode of operation. After emerging in 2017, it went on to create havoc in some of the biggest institutions worldwide.
The most notable victims of the NotPetya ransomware include the shipping giant Maersk, which experienced a worldwide shutdown across 70 ports and reported a $300 million loss following the attack. The courier and shipping company TNT also suffered a notable NotPetya attack in 2017.
This article aims to provide an overview of all you need to know about the NotPetya ransomware: how it works, how to recover data in the event of an attack, and some very useful tips on how to prevent an attack.
What Makes NotPetya Ransomware Unique?
Usually, hackers design ransomware to extort victims before releasing their files, but NotPetya doesn't follow this trend. This ransomware was created simply to thrash and destroy systems. Although it was initially designed to demand a $300 Bitcoin payment, that payment mechanism quickly disintegrated. This made it quite obvious that it was not about the money, as every other aspect of the malware was programmed with sophistication.
Another unique thing about NotPetya is the way it propagates across a network. Continue reading to find out how this ransomware spreads once a host computer is infected.
How does the Infection Spread?
This malware is considered very dangerous mainly because it requires hardly any human intervention to spread. How then does it spread? The NotPetya virus spreads on its own. While the original Petya virus required its victim to unwittingly download it from a spam email, launch it and grant it admin permission, NotPetya doesn't need human intervention to encrypt files. The NotPetya malware uses AI to spread from one computer to another.
The first infection vector seems to have been a backdoor in an accounting package, M.E.Doc, that is used by a lot of companies in Ukraine. After infecting computers from M.E.Doc's servers, the NotPetya virus spread to other computers using a variety of techniques, including two exploits developed by the United States NSA, EternalBlue and EternalRomance, which take advantage of a flaw in Windows' implementation of the SMB protocol.
Similarly, NotPetya can also use Mimikatz to find network administration credentials in the infected computer's memory. It subsequently makes use of the PsExec and WMIC tools built into Windows to remotely access other computers on the local network and infect them as well.
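The lateral movement described above (stolen administrator credentials reused through PsExec and WMIC) leaves traces in ordinary Windows event logs that a defender can alert on. The following is an added example written for this article, not code from the original post or from SALVAGEDATA: it parses a few constructed, simplified event lines (the field names and the key=value layout are assumptions, not a real export format) and applies three per-event rules plus one aggregate rule. The event IDs (7045 service installation, 4688 process creation, 4624 logon), the PSEXESVC service that PsExec installs on a target, and WmiPrvSE.exe as the parent of processes started through remote WMI are real Windows behaviour; the rule names are made up here.

```python
import re
import ntpath
from collections import defaultdict

# Constructed sample events (not real captures). One event per line as key=value
# pairs, quoted when the value contains spaces; field names loosely follow
# Windows event data and are an assumption of this example.
SAMPLE_LOGS = [
    r'ts=2017-06-27T10:12:01 host=WS-01 event=4688 image=C:\Windows\System32\svchost.exe parent=C:\Windows\System32\services.exe user="NT AUTHORITY\SYSTEM"',
    r'ts=2017-06-27T10:12:05 host=WS-02 event=7045 service=PSEXESVC image="%SystemRoot%\PSEXESVC.exe" user="NT AUTHORITY\SYSTEM"',
    r'ts=2017-06-27T10:12:06 host=WS-01 event=4688 image=C:\Windows\System32\wbem\WMIC.exe parent=C:\Windows\System32\cmd.exe cmdline="wmic /node:WS-03 /user:CORP\svc_backup process call create calc.exe" user=CORP\svc_backup',
    r'ts=2017-06-27T10:12:07 host=WS-03 event=4688 image=C:\Windows\System32\calc.exe parent=C:\Windows\System32\wbem\WmiPrvSE.exe user=CORP\svc_backup',
    r'ts=2017-06-27T10:12:08 host=WS-04 event=4688 image=C:\Windows\System32\wbem\WMIC.exe parent=C:\Windows\System32\cmd.exe cmdline="wmic os get caption" user=CORP\alice',
    r'ts=2017-06-27T10:12:09 host=WS-02 event=4624 logon_type=3 user=CORP\svc_backup src=WS-01',
    r'ts=2017-06-27T10:12:09 host=WS-03 event=4624 logon_type=3 user=CORP\svc_backup src=WS-01',
    r'ts=2017-06-27T10:12:10 host=WS-05 event=4624 logon_type=3 user=CORP\svc_backup src=WS-01',
    r'ts=2017-06-27T10:12:11 host=FS-01 event=4624 logon_type=3 user=CORP\alice src=WS-04',
]

# key=value, where the value is either a double-quoted string or a run of non-spaces
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """Turn one key=value line into a dict; quoted values may contain spaces."""
    return {key: (quoted or bare) for key, quoted, bare in FIELD_RE.findall(line)}


def _base(path):
    # ntpath handles backslash paths on any platform
    return ntpath.basename(path).lower()


def detect_psexec_service(ev):
    """7045: Service Control Manager installed a service. PsExec installs PSEXESVC on its target."""
    if ev.get('event') != '7045':
        return None
    if ev.get('service', '').upper() == 'PSEXESVC' or _base(ev.get('image', '')) == 'psexesvc.exe':
        return 'psexec_service_install'
    return None


def detect_wmic_remote(ev):
    """4688 on the source host: WMIC.exe launched with /node:, i.e. against a remote machine."""
    if (ev.get('event') == '4688' and _base(ev.get('image', '')) == 'wmic.exe'
            and '/node:' in ev.get('cmdline', '').lower()):
        return 'wmic_remote_process_create'
    return None


def detect_wmi_spawn(ev):
    """4688 on the target host: a process whose parent is the WMI provider host."""
    if ev.get('event') == '4688' and _base(ev.get('parent', '')) == 'wmiprvse.exe':
        return 'process_spawned_by_wmi_provider'
    return None


PER_EVENT_RULES = (detect_psexec_service, detect_wmic_remote, detect_wmi_spawn)


def detect_logon_fanout(events, threshold=3):
    """Network logons (4624, type 3) by one account from one source to >= threshold distinct hosts:
    the fan-out pattern of one infected machine reusing harvested credentials across the LAN."""
    targets = defaultdict(set)
    for ev in events:
        if ev.get('event') == '4624' and ev.get('logon_type') == '3':
            targets[(ev.get('src'), ev.get('user'))].add(ev.get('host'))
    return [{'rule': 'network_logon_fanout', 'src': src, 'user': user, 'hosts': sorted(hosts)}
            for (src, user), hosts in sorted(targets.items()) if len(hosts) >= threshold]


def analyze(lines, threshold=3):
    """Run every rule over the log lines and return the alerts in stream order,
    followed by any fan-out alerts computed over the whole batch."""
    events = [parse_event(line) for line in lines]
    alerts = []
    for ev in events:
        for rule in PER_EVENT_RULES:
            name = rule(ev)
            if name:
                alerts.append({'rule': name, 'host': ev.get('host'),
                               'user': ev.get('user'), 'ts': ev.get('ts')})
    alerts.extend(detect_logon_fanout(events, threshold))
    return alerts


if __name__ == '__main__':
    for alert in analyze(SAMPLE_LOGS):
        print(alert)
```

On the constructed sample the local `wmic os get caption` on WS-04 and alice's single file-server logon produce nothing, while WS-02's PSEXESVC install, WS-01's remote WMIC call, the WmiPrvSE-spawned process on WS-03 and svc_backup's three network logons from WS-01 each raise one alert. Administrators who legitimately use PsExec or WMIC will need an allow-list of source hosts, and the fan-out threshold should be tuned against a baseline of normal logon activity before the rule is used to trigger isolation.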
Like its predecessor, the NotPetya virus forces victimized Windows users to pay a digital ransom in Bitcoin in return for their data. However, it attacks a part of the operating system, the Master File Table (MFT), and does not encrypt individual files on the computer; it then overwrites the Master Boot Record.
What's worse, NotPetya encrypts everything. It goes way beyond its predecessor Petya's trick of encrypting the master boot record: NotPetya goes after all files to seriously screw up your hard drive. The system set up for receiving ransom payments also disintegrated rapidly, which leads experts to believe that it was never designed for the money.
This peculiar behavior has led experts to believe NotPetya is more than ransomware and could only have been developed by a creator with large resources at its disposal. NotPetya seems similar to its predecessor at first glance, with its demand for a ransom in exchange for a decryption key. But the victim has no way to send a unique identifier, which means any key generated may not be theirs, and all files could be summarily lost.
How to Recover Data After a NotPetya Ransomware Attack
Here is a list of precautionary measures to take when a computer comes under attack by the notorious NotPetya ransomware. Note that these steps are aimed at aiding data recovery.
- The first thing to do is to remove the attacked and infected Windows PC from the network.
- Secondly, disconnect the affected computer from the internet.
- Avoid launching or updating any antivirus on the infected computer.
- Do not run or scan the hard disk on the infected computer.
- Shut down your PC directly using the power button, i.e. perform a hard shutdown.
- Do not use the infected hard drive on any other computer.
- Contact a data recovery expert like SALVAGEDATA.
How to prevent a NotPetya Ransomware attack?
Although the NotPetya ransomware has been widely contained, it's important to understand that the threat is still very much alive. The following are steps on how to prevent a NotPetya ransomware attack.
Adopt sensible digital hygiene
This means ensuring the operating system version is the latest one, as this closes the loopholes and openings the NotPetya ransomware exploited in older versions. Use the latest antivirus and other software to prevent flaws. Windows 10, for example, was seen to be able to fend off the cyberattack because of its auto-update features.
Trick the malware into thinking it already exists on your PC
This can be done by creating a file named to look like the malware's own file. When the malware enters the PC and finds that file, it will kill itself.
It's easy to assume that a PC is malware-proof and become negligent. To keep malware away from your files and hard drive, it's best to stay vigilant and a step ahead, as hackers are always evolving new ways of cyberattack.
Contact a data recovery expert
Hacker sophistication is on the rise, and it is sometimes impossible to fight off these attacks with general knowledge alone. If the above steps have failed, you will need to get in touch with a data recovery expert to help find more practical solutions for recovering your data safely after the attack. SALVAGEDATA is a great example, with years of expertise in warding off cyberattacks and a 100% data recovery record.
Now that you're aware of the NotPetya ransomware and how it operates, you should be better placed to prevent an attack on your computer or network. If you or anyone you know has a NotPetya problem, do not fret: SALVAGEDATA has the required expertise to help recover your data and assist in preventing future attacks.
Our next post will focus on all you need to know in order to prevent an attack from the Cryptomix Ransomware.